Re: Questions regarding Exchange and multiple forests
- From: William <William@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 6 Mar 2008 09:18:01 -0800
Thanks very much for the input Mark... You have enforced everything I thought
and was trying to propose. You have been very helpful.
Have a great day!
"Mark Arnold [MVP]" wrote:
On Thu, 6 Mar 2008 08:04:00 -0800, William.
<William@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I think maybe I am not coming across incorrectly... Let me clarify...
I was actively seeking advice on the appropriate solution from the AD forum
from which I was advised we should set up separate forests and give the users
POP/IMAP access.
You were advised badly, very badly.
I do NOT want the users to use POP OR IMAP but DO want them to have the full
rich experience of using exchange server.
Good. Then tell "them" that the answer is RPC over HTTPS.
We are trying to find out if it is possible to keep the two sites separate
(by means of separate domains?) but still give them the ability to create
users and delete users on their end which would also create and delete the
mailboxes on the exchange server on our end (minimal management for us).
You can do this any way you want. Separate forest lets them have total
isolated control over their accounts. You have to have another account
for the user that you control. At all times you control the mailbox.
You can have a child domain that they look after. They can have some
control over the mailboxes and they can always elevate themselves to
control your domain.
You can have an OU for them in your domain.
They want the remote site to be as separate as possible so they feel they
are their own entity, but also want us to be connected enough that if
something falls through we can take over.
"They want". Well, give them what they want. If they want a crap
solution (and it sounds like they do) then persuade them otherwise.
I am merely looking for some direction in to which path is most logical and
what is/is not possible. From there I can begin doing the necessary research.
I basically need to advise the upper management whether what they want is
possible or not, and then figure out how to implement what is possible.
As a final answer for you and them I would suggest you go and tell
them to go away. If they "may" go off on their own later on I would
suggest a different forest and they use their own Exchange. Use:
http://support.microsoft.com/kb/321721 to take ownership of the email
and then forward the mail to them. Then if they want to go off they
can do so and you need to do nothing whatsoever. They have total
control of their email and AD but share your SMTP space.
Best compromise, best of both worlds.
IF, and it's clearly only an IF, they are not eventually going to go
off on their own you need to tell them to shut the fisk up and get
accounts and mailboxes created on your own domain, link the sites via
VPN and use Outlook or no VPN and use Outlook RPC over HTTPS.
Hope that makes sense.
Thanks much for your input thus far!
"Mark Arnold [MVP]" wrote:
On Wed, 5 Mar 2008 15:13:02 -0800, William
<William@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Well, I don't necessarily have to go with separate forests but I was advised
this would be the best way of accomplishing this from the AD group. I would much
rather set them up as a child domain or a separate domain all together.
Well, a child domain is a possibility although from what you've written
so far it would be nearly pointless (which is why you should take
advice from your AD group as they are closer to you - unless you are
just talking about the AD forum in these newsgroups in which case I
disagree with them.) A separate domain IS a separate forest so you
should probably do a little reading up on things.
So is it possible for them to manage their own user accounts from their
domain without affecting the rest of our domain?
You can give them their own domain or an OU in the main domain and do
delegation. The latter is probably better for you to control.
I had suggested the RPC over HTTPS option to the seniors here but they seem
to want to stick to TCP for Exchange communications...
Huh? If you are giving them POP/IMAP connectivity how the heck do you
propose to give them a rich experience? Either you or your management
need to read up on the protocols and features available.
So, if it is possible to have them manage their own exchange accounts while
keeping the domains separate, how is this done? We want to make sure we have
the ability to migrate the mailboxes off our server if/when they decide to
roll out one of their own.
Your requirements and your knowledge fall a long way short of us being
able to give you a good answer that would be effective. If I were you
I'd engage a consultant to sit with you for a day, brain dump and then
give you the best option to take forward.
Thanks!